[Grml] Installing grml with encrypted root with encrypted swap
Michael Gebetsroither
gebi at sbox.tugraz.at
Sat Jul 28 16:44:47 CEST 2007
Quoting Mathew Brown <mathewbrown at fastmail.fm>:
> I was wondering if it was possible to install grml on an encrypted
> root partition and with an encrypted swap partition.
Yes, no problem!
> I plan on
> installing grml on an external USB drive and since it can be stolen so
> easily, I'd rather protect my data using encryption. So is this
> possible?
Yes too ;).
If you only want to protect your data, ecryptfs only for your data
would imho the best option (ecryptfs is a stacked cryptfs, so no
special cryptocontainer is needed).
> According to http://grml.org/grml2hd/grml2hd.html this can't
> be done but that web page hasn't been updated since Jan. 2006. Any
> ideas?
grml2hd doesn't support this directly, but it is easy to upgrade a
grml with many different encryption schemas.
If you want real encrypted root you should use cryptsetup-luks, so
every single bit except /boot is encrypted on your stick (/boot has to
be on a seperate partition).
Just create the encrypted partition and install with grml2hd on it
(afterwards you need to configure grml to be able to boot from it) [1].
If you want to protect your sensitiv private data just use ecryptfs on
the folders you want to encrypt.
Encrypted swap is just 2 lines of config ;)[2].
[1]: /usr/share/doc/cryptsetup/README.initramfs.gz
[2]: /usr/share/doc/cryptsetup/CryptoSwap.HowTo
cu,
michael
More information about the Grml
mailing list